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(57) Abstract: This invention relates to a system (200) for activation of an activation device (227) such as a lock (229). A commu- 
nication device (201) comprises means (203,205) for communicating an activation request message to a network (213) over a first 
air interface (207) such as a cellular air interface. The activation request message comprises information related to the identity of the 
communication device (201) and information related to the identity of the activation device (227). It further comprises means (217) 
for receiving an activation code for the activation device over the first air interface with the activation code being dependent on the 
information comprised in the activation request message. It also comprises means (210,221) for communicating the activation code 
from the communication device (201) to the activation device (227) over a second air interface (225). The activation device (227) 
comprises means for receiving the activation code from the communication device and means for performing a required activation 
in response to this. 
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A COMMUNICATION DEVICE, AN ACTIVATION DEVICE AND METHOD 
OF SECURE ACTIVATION THEREFOR 

Field of the Invention 

This invention relates to a communication device, an activation device and method of 
secure activation therefor, and in particular to a system of activating an access control 
activation device such as a lock. 

Background of the Invention 

It is well known today to use wireless interfaces to control and activate remote objects. 
A typical example is the ubiquitous infrared remote control which is well known as a 
device for controlling electronic devices such as televisions, radios etc. 

Wireless activations are also known for other applications such as for operating access 
mechanisms and locks. One example is a car door opener which activates the door 
lock when a button is pressed on a radio or infra red transmitting device. The signal 
transmitted by the transmitting device is specific for the specific car thereby 
preventing unauthorised access. 

The wireless activations and key systems improve on more traditional key systems 
which typically require a mechanical key for each separate lock or activation device. 
The traditional key systems have a number of disadvantages including the following 

• heavy to carry 

• exposed to loss and theft. 

• almost no security is given in case of loss and copies can be made easily 

• high costs are caused by replacing locks and keys 

• Keys can get worn-out and become non-functional 
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• The distribution of keys to e.g. family members or employees is expensive and 
inflexible 

• Difficult to implement a smart access system for houses or companies 
(restricted access) 

Another known mechanism of secure activation of devices such as locks etc are by 
using magnetic cards or swipe cards. However, these systems have the disadvantages 
of: 

• Cards being expensive and time consuming to produce 

• Card reader being unreliable and error prone 

• If changing access codes new cards for everybody have to be reissued 

• A loss of a card means issuing a new one, which causes additional costs 

A different known method of securely activating devices is by using an access codes 
which are entered on a keypad by a user. However, disadvantages of this approach 
include: 

• if somebody finds out the code then accessing/opening the device is easy 

• it is inconvenient for users to remember the access codes 

• in order to make a code easy to remember and practical to key in every time 
the device is to be activated, it must be relatively short. However, a short code 
results in low security. 

Although known wireless activation devices such as a car door opener improve on 
many of the disadvantages of these other systems, they also maintain a number of the 
disadvantages, including 

• dedicated control devices are required for each activation device or group of 
activation devices 

• the system is inflexible requiring that control device and activation device are 
configured to work directly with each other. Typically, the access code is pre- 
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programmed into both control device and activation device, and modification is 
impossible or at least require manual re-configuration of individual devices. 

• Replacement after loss difficult and time consuming and distribution of 
additional activation keys limited or impossible 

• Limited security- access can't be blocked immediately if access key gets stolen 

There is thus a need for an improved system of secure activation of devices. 



Summary of the Invention 

The invention seeks to provide an improved system for secure activation of devices. 

Accordingly there is provided, a method of secure activation of an activation device; 
comprising the steps of: communicating an activation code request message from a 
communication device to a network over a first air interface; the activation code 
request message comprising information related to an identity associated with the 
communication device and to the identity of the activation device; deriving an 
activation code for the activation device by accessing a data store associated with the 
network in response to the information comprised in the activation code request 
message; communicating the activation code from the data store to the communication 
device through the network and over the first air interface; communicating the 
activation code from the communication device to the activation device over a second 
air interface; and the activation device performing a required activation in response to 
receiving the activation code from the communication device. 

Preferably, the activation request message further comprises information identifying 
the required activation and the activation device is operable to perform a plurality of 
activations and the activation code identifies the required activation. 
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According to a feature of the invention, the method further comprises the step of 
determining a set of accessible activation devices accessible by the communication 
device. 

Preferably, the first air interface is part of a cellular radio communication system; the 
communication device is a mobile terminal of the cellular communication system and 
the second air interface is a short distance air interface. 

In accordance with a second aspect of the invention, there is provided a 
communication device for secure activation of an activation device comprising: means 
for communicating a activation request message to a network over a first air interface; 
the activation request message comprising information related to the identity of the 
communication device and information related to the identity of the activation device; 
means for receiving an activation code for the activation device over the first air 
interface; said activation code being dependent on the information comprised in the 
activation request message; and means for communicating the activation code from the 
communication device to the activation device over a second air interface. 

In accordance with a third aspect of the invention, there is provided an activation 
device comprising: means for receiving a probe message from a communication device 
over an air interface; means for transmitting an identification message from the 
activation device to the communication device over the air interface; means for 
receiving an activation code from the communication device over the air interface; and 
means for performing a required activation in response to receiving the activation code 
from the communication device. 
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Brief Description of the Drawings 

An embodiment of the present invention is described below, by way of example only, 
with reference to the Drawings, in which: 

FIG. 1 is an illustration of a cellular communication system according to prior art; 

FIG. 2 is an illustration of a system of activation and a communication device for 
activation in accordance with an embodiment of the invention; and 

FIG. 3 is an illustration of a flow chart of a method of activation in accordance with 
an embodiment of the invention. 



Detailed Description of a Preferred Embodiment 

In the preferred embodiment the activation is a secure activation and in particular a 
secure activation of an access control activation device. 

The following description focuses on an embodiment compliant with a cellular 
communication system but it will be apparent that the invention is not limited to this 
application. 

In a cellular communication system, each of the user equipment or subscriber units 
(mobile stations, user terminals etc) communicates with typically a fixed base station. 
Communication from the subscriber unit to the base station is known as uplink and 
communication from the base station to the subscriber unit is known as downlink. The 
total coverage area of the system is divided into a number of separate cells, each 
predominantly covered by a single base station. The cells are typically geographically 
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distinct with an overlapping coverage area with neighbouring cells. FIG. 1 illustrates a 
cellular communication system 100. In the system, a base station 101 communicates 
with a number of subscriber units 103 over radio channels 105. In the cellular system, 
the base station 101 covers users within a certain geographical area 107, whereas other 
base stations 113, 115 cover other geographical areas 109, 111. Some overlap areas 
can be covered by more than one cell. 

As a subscriber unit moves from the coverage area of one cell to the coverage area of 
another cell, the communication link will change from being between the subscriber 
unit and the base station of the first cell, to being between the subscriber unit and the 
base station of the second cell. This is known as a handover. Specifically, some cells 
may lie completely within the coverage of other larger cells. 

All base stations are interconnected by a fixed network. This fixed network comprises 
communication lines, switches, interfaces to other communication networks and 
various controllers required for operating the network. The base stations themselves 
can also be considered part of the fixed network. A call from a subscriber unit is 
routed through the fixed network to the destination specific for this call. If the call is 
between two subscriber units of the same communication system the call will be routed 
through the fixed network to the base station of the cell in which the other subscriber 
unit currently is. A connection is thus established between the two serving cells 
through the fixed network. Alternatively, if the call is between a subscriber unit and a 
telephone connected to the Public Switched Telephone Network (PSTN) the call is 
routed from the serving base station to the interface between the cellular mobile 
communication system and the PSTN. It is then routed from the interface to the 
telephone by the PSTN. 

FIG. 2 illustrates a system 200 of activation and a communication device such as a 
subscriber unit 201 for activation in accordance with an embodiment of the invention. 
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The communication device comprises an activation code request processor 203 
connected to a cellular transmitter 205 operable to communicate in cellular 
communication system over a radio link 207. The transmitter 205 is coupled to an 
antenna 209 through a duplexer 211 operable to allow a receiver 217 and a transmitter 
205 to use the same antenna 209, as is well known in the art. The communication 
device 201 communicates with the network 213 over a first air interface which in the 
embodiment consists in a cellular radio link 207. The network 213 comprises base 
stations, base station controllers, master switch centres; routers and any other 
component required or desired in the implementation of a cellular communication 
system. The network 213 is connected to a data store 215 that for clarity is shown as 
an independent unit in FIG. 2 but which may be implemented in any suitable form and 
specifically may be implemented as part of an existing network component. In 
alternative embodiments, the network 213 shown may be a very simple network. In its 
simplest form, it may simply consist in interface circuitry for interfacing with the data 
store and a transceiver suitable for communicating with the communication device 
over the first air interface. 

The communication device further comprises a cellular receiver 217 connected to the 
duplexer 211. The cellular receiver 217 is operable to receive signals sent from the 
network 213 to the communication device 201. The cellular receiver 217 is connected 
to an activation code transmit processor 219 connected to a short distance transmitter 
221. The short distance transmitter 221 is connected to an antenna 223 for 
communication over a second air interface 225, which in this embodiment is a short 
distance radio interface. Short distance air interfaces have a range of a few hundred 
meters or less and examples include the Bluetooth, Hiperlan or WiFi standards well 
known in the art. However, any second air interface may be used including for 
example wireless infrared communication links. The communication device 201 
communicates with an activation device 227 over the second air interface 225. In the 
shown embodiment, the activation device is connected to an external mechanical lock 
229 which is activated by the activation device 227. In other embodiments, the 
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activation device 227 may activate other devices or the activation may be of the 
activation device 227 itself. The activation may further be of part of a device, of a 
specific function of the device or of any other suitable component or function. 

FIG. 3 is an illustration of a flow chart of a method of activation in accordance with 
an embodiment of the invention. 

In step 301 the activation code request processor 203 generates and transmits an 
activation code request message. This message comprises the information needed to 
identify the communication device as well as the activation device. Specifically, it may 
contain a specific number uniquely identifying the communication device and a second 
number uniquely identifying the activation device. Any suitable format and protocol 
can be used for generating an activation code request message provided it contains 
information related to an identity associated with the communication device 201 and 
information related to the identity of the activation device 227. 

Specifically, the information related to an identity associated with the communication 
device 201 can in the preferred embodiment, where the communication device 201 is a 
user equipment of a cellular communication system (e.g. a mobile phone), for example 
be a unique identity pre-programmed into the user equipment (such as the International 
Mobile Equipment Identity (IMEI) number for GSM), a subscriber identity (such as 
the International Mobile Subscriber Identity (IMSI) for GSM) or a dynamic identity 
allocated to the communication device (such as the Temporary Mobile Subscriber 
Identity (TMSI) for GSM). Specifically when a subscriber identity is used, this can 
beneficially be stored in a removable storage media, such as a smart card or the SIM 
card in GSM. This provides the added advantage that different communication devices 
can operate the system of activation simply by moving the removable storage media 
from one device to another. 
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The information relating to the identity of the activation device is preferably a unique 
identity of the device such as a specific serial number. However, in some 
embodiments it may also be a group identity or a device type identity. In these 
embodiments, the system may be utilised to activate a plurality of activation devices 
simultaneously. Alternatively, a user may have permission to activate all activation 
devices in a certain group or of a certain type and by using the identity of this group 
or type in the activation code request message, the user will receive and activation 
code suitable for all devices in the group or of the type. This can be used to activate 
the specific device in the vicinity of the user. 

The cellular transmitter 205 transmits the activation code request message to the 
network 213. 

Upon receiving the activation code request message, the network 213 in step 303 
proceeds to derive an activation code for the activation device. This is achieved by 
accessing the data store 215. In the simplest form the data store comprises a simple 
data structure wherein for each activation device identity, there is a corresponding 
activation code and list of allowed communication device identities. Alternatively 
and/or additionally, a data structure may be implemented wherein for each 
communication device identity there is a list of allowed activation devices with their 
corresponding activation code. It will be clear that any suitable organisation, 
association or structuring of the data allowing an activation code being determined in 
response to the information comprised in the activation code request message, can be 
used. 

If the information in the data store does not have an association between the 
communication device identity and the activation device identity, no access code will 
be returned or alternatively a void access code is returned indicating that no such 
association exist. This void access code may be used by the communication device to 
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cease the operation or if processed as a normal access code and transmitted to the 
activation device, it will fail to activate the activation device. 

In step 305, the derived activation code is transmitted from the network to the 
communication device over the first air interface. In the preferred embodiment, it is 
thus transmitted using the cellular transmission protocol of the cellular communication 
system. In a GSM communication system the General Packet Radio Service (GPRS) is 
advantageous as it is an efficient method for communication of small data packets. 

The activation code is received by the communication device 201 and fed to the 
activation code transmit processor 219. This processor controls a second transmitter 
221 operable to communicate over the second air interface. Hence, in step 307 the 
short distance transmitter 221 transmits the activation code to the activation device 227 
over the second air interface 223. In the simplest embodiment the access code is 
transmitted directly as received from the data store but in other embodiments it is 
modified by the activation code transmit processor 219 or additional information is 
appended to the message (such as e.g. the terminal or subscriber identity). Also 
further commands or requests may be included allowing the communication device to 
control different functions of the activation device 227 based on the same access code. 

When receiving the activation code, the activation device 227 checks that it is a valid 
access code and if so, it proceeds in step 309 by performing the required action. In the 
described embodiment this results in the activation device 227 activating the 
mechanical lock 229 thereby locking or unlocking e.g. a door. 

In the simple embodiment described only one access code exists for each activation 
device. However, in more advanced embodiments each activation device may be 
operable to perform a plurality of activations. In this embodiment different activation 
codes are used for different activations and the activation code request message further 
comprises information identifying the required activation. The data store will 
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consequently not only have associations between the communication device identity, 
the activation device identity and the appropriate access code but also between the 
information identifying the required activation and the appropriate access code. Hence, 
in this embodiment an activation device capable of the functions of locking a door, 
unlocking a door, switching a light on and switching a light off may be operated by 
the activation code request processor 203 of the communication device including an 
identification of the required action in the activation request message. The message 
may thus contain the appropriate code for the function "unlock the door\ This is used 
by the data store to identify the appropriate access code corresponding to the 
communication device identity, the activation device identity and the function of 
opening the door. This access code is then transmitted to the communication device 
and then to the activation device which will detect that this is the appropriate access 
code for this function and consequently unlock the door. 

In the preferred embodiment, the identity of the activation device is simply entered 
into the communication device by the user. Preferably, the identity is stored in a non- 
volatile memory so that it needs only be entered once, i.e. the first time the user uses 
the activation device. From then on, the activation device can be chosen from a 
customised list contained in the communication device. 

However, in a more advanced embodiment the communication device scans for 
available activation devices using the short distance air interface. In this embodiment, 
the communication device transmits a probe message over the second air interface. 
This probe message is received by all activation devices within the transmission area 
of the communication device (typically limited to a few hundred meters or less for the 
short distance air interface of the preferred embodiment). Upon receiving a probe 
message, the activation device transmits an identification message on the second air 
interface. This identification message is received by the communication device and 
comprises information relating to the identity of the activation device. It may comprise 
further information relating to the for example the type, location or functionality of the 
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activation device. The information is used to select which activation devices are 
accessible and to select which to activate, in the preferred embodiment simply by the 
user selecting from a displayed list of all accessible activation devices. The 
information is further supplied to the activation code request processor 203 which uses 
it when generating the access code request message. 

In one scenario, it is possible that a plurality of target devices are in the close vicinity 
of a communication device and therefore more than one activation device could be 
potential targets for the command. In one embodiment for this scenario, an access 
method is used to select which target device to execute the command on. The access 
method comprises selecting the appropriate activation device in response to the users 
environment. An example would be that if a user sits in his/her running locked car and 
presses the "open" button the access method determines that it doesn't make sense to 
open the car, but opens the garage door instead. The access method can be extended to 
take into account known user patterns. If die communication device still doesn't 
manage to make a safe decision on the target, it displays a list of targets for selection 
from the user. 

In a different embodiment the associations between identity information and activation 
codes in the data store are modified in response to a user input preferably by changing 
all associations related to an identity associated with the communication device to an 
identity associated with a different communication device. 

This feature is particularly beneficial for preventing or changing the access of an 
unauthorised communication device. For example, if a communication device is lost or 
stolen, all the keys belonging to the communication identity can be passed on to a new 
communication device by changing the associations in the data store from referring to 
the identity of the stolen communication device to that of the new communication 
identity. This provides a very easy and simply process for both barring the stolen or 
lost communication device as well as for enabling the new device. 



WO 03/050775 



PCT/EP02/13030 



13 



The embodiments described thus enable the user to use a communication device such 
as a mobile phone for locking and unlocking any device (like cars, doors, safes, 
suitcases, lockers, letterboxes etc) with an electronic wireless access system. "Cutting 
a new key" is as simple as typing once a few numbers into the mobile. The system is 
very reliable and highly secure against misuse and in case of loss of the mobile phone 
and/or replacement with a new mobile phone all keys are easily replaced or 
transferred. The embodiments also allow in an easy way to set up smart access 
systems in houses and companies implementing restricted access for individuals or 
groups. 

The components and functionality described may be implemented in any suitable 
manner to provide suitable apparatus. Specifically, the components may consist of a 
single discrete entity, or may alternatively be formed by adapting existing parts or 
components. As such the required adaptation may be implemented in the form of 
processor-implementable instructions stored on a storage medium, such as a floppy 
disk, hard disk, PROM, RAM or any combination of these or other storage media. 
Furthermore, the functionality may be implemented in the form of hardware, 
firmware, software, or any combination of these. 

It will be understood that the invention tends to provide in particular the following 
advantages singly or in any combination: 

• a low cost activation system can be implemented. This uses a commxmication 
device operable operate over a first interface, such as a cellular interface, to 
access a data store. The communication device may in addition be able to 
support other commxinications over this interface such as specifically phone 
calls. At the same time activation devices are accessed over a second air 
interface which can be a simple low cost air interface, such as Bluetooth, 
resulting in very little cost being added to the activation device. 
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a high level of security is obtained as the access codes are centrally maintained, 
one device can be used for accessing a plurality activation devices and 
functions. 

automatic detection of accessible activation devices is possible. 
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Claims 



1 . A method of secure activation of an activation device; comprising the steps of: 
communicating an activation code request message from a communication 

device to a network over a first air interface; the activation code request message 
comprising information related to an identity associated with the communication 
device and to the identity of the activation device; 

deriving an activation code for the activation device by accessing a data store 
associated with the network in response to the information comprised in the activation 
code request message; 

communicating the activation code from the data store to the communication 
device through the network and over the first air interface; 

communicating the activation code from the communication device to the 
activation device over a second air interface; and 

the activation device performing a required activation in response to receiving 
the activation code from the communication device. 

2. A method as claimed in claim 1 wherein the activation request message further 
comprises information identifying the required activation. 

3. A method as claimed in claim 1 or 2 wherein the activation device is operable 
to perform a plurality of activations and the activation code identifies the required 
activation. 

4. A method as claimed in any previous claim further comprising the step of 
determining a set of accessible activation devices accessible by the communication 
device. 
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5. A method as claimed in claim as 4 wherein the step of determining a set of 
accessible activation devices comprising the step of the communication device 
transmitting a probe message over the second air interface and the activation device 
transmitting an identification message upon receiving the probe message 

6. A method as claimed in any previous claim farther comprising the steps of 
modifying at least some associations between identity information and activation codes 
in the data store in response to a user input. 

7. A method as claimed in claim 6 wherein the step of modifying comprises 
changing all associations related to an identity associated with the communication 
device to an identity associated with a different communication device. 

8. A method as claimed in any previous claim wherein the activation performed 
by the activation device is a locking or unlocking function. 

9. A method as claimed in any previous claim wherein the first air interface is 
part of a cellular radio communication system. 

10. A method as claimed in claim 9 wherein the communication device is a mobile 
terminal of the cellular communication system. 

11. A method as claimed in claim 10 wherein the identity associated with the 
communication device is a terminal identity of the mobile terminal 

12. A method as claimed in claim 10 wherein the identity associated with the 
communication device is a subscriber identity. 

13. A method as claimed in claim 12 wherein the subscriber identity is contained in 
a removable storage media operable to interoperate with the communication device. 
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14. A method as claimed in any previous claim wherein the second air interface is 
a short distance air interface. 

15. A communication device for secure activation of an activation device 
comprising: 

means for communicating an activation request message to a network over a 
first air interface; the activation request message comprising information related to the 
identity of the communication device and information related to the identity of the 
activation device; 

means for receiving an activation code for the activation device over the first 
air interface; said activation code being dependent on the information comprised in 
the activation request message; and 

means for communicating the activation code from the communication device 
to the activation device over a second air interface. 

16. A communication device claimed in claim 15 wherein the activation request 
message further comprises information identifying the required activation. 

17. A communication device as claimed in any previous claim 15 to 16 further 
comprising means for determining a set of accessible activation devices accessible by 
the communication device. 

18. A communication device as claimed in claim 17 wherein the means for 
determining a set of accessible activation devices comprises means transmitting a 
probe message over the second air interface and means for receiving an identification 
message from the activation device transmitting over the second air interface. 

19. A communication device as claimed in any previous claim 15 to 18 wherein the 
first air interface is part of a cellular radio communication system. 
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20. A communication device as claimed in any previous claim 15 to 19 wherein the 
second air interface is a short distance air interface. 

21 . An activation device comprising: 

means for receiving a probe message from a communication device over an air 
interface; 

means for transmitting an identification message from the activation device to 
the communication device over the air interface; 

means for receiving an activation code from the communication device over the 
air interface; and 

means for performing a required activation in response to receiving the 
activation code from the communication device. 

22. An activation device as claimed in claim 21 wherein the activation device is 
operable to perform a plurality of activations and is operable to determine the required 
activation in response to an identification comprised in the activation code. 

23 . An activation device as claimed in claim 21 or 22 wherein the activation 
performed by the activation device is a locking or unlocking function. 
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